{"vulnerability": "CVE-2024-1286", "sightings": [{"uuid": "68de73e8-d58e-4604-bb2e-b8420dfabdb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12867", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldr7caniju23", "content": "", "creation_timestamp": "2024-12-20T20:15:58.052457Z"}, {"uuid": "e71e567c-473c-41a9-b0c1-ee5379cafc21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12867", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113686784082839328", "content": "", "creation_timestamp": "2024-12-20T19:24:17.993764Z"}, {"uuid": "e89798cf-0a70-48ea-9939-edaa65cbaf77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12861", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxodxbeh72e", "content": "", "creation_timestamp": "2025-01-30T14:16:52.648918Z"}, {"uuid": "31659ea2-d156-400b-9380-9e8b57f45cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lijpzycmv42q", "content": "", "creation_timestamp": "2025-02-19T12:00:12.436778Z"}, {"uuid": "a52dc697-14b2-4b13-9600-efeb62655147", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12861", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917789478720881", "content": "", "creation_timestamp": "2025-01-30T14:32:02.599434Z"}, {"uuid": "73f1804f-6666-421a-9423-9062c1b4069b", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114024494206744752", "content": "", "creation_timestamp": "2025-02-18T10:48:25.670667Z"}, {"uuid": "160ee0f8-9398-4da4-8fd2-989556a1d8ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12862", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12664", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12862\n\ud83d\udd25 CVSS Score: 5.5 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4.\n\ud83d\udccf Published: 2025-04-21T14:22:59.811Z\n\ud83d\udccf Modified: 2025-04-21T14:56:38.978Z\n\ud83d\udd17 References:\n1. 
https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839115", "creation_timestamp": "2025-04-21T15:02:43.000000Z"}, {"uuid": "79a94768-6667-4cc2-8c7d-70b56565879d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3liihtltglb2k", "content": "", "creation_timestamp": "2025-02-19T00:00:49.331179Z"}, {"uuid": "851ea02c-d7fb-48e0-8b60-8cdb5f79cf57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:43.000000Z"}, {"uuid": "b58f187f-c093-4f10-a13a-07887cf5c1f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12866", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8193", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12866\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration files.\n\ud83d\udccf Published: 2025-03-20T10:11:31.785Z\n\ud83d\udccf Modified: 2025-03-20T10:11:31.785Z\n\ud83d\udd17 References:\n1. 
https://huntr.com/bounties/c23da7c7-a226-40a2-83db-6a8ab1b2ef64", "creation_timestamp": "2025-03-20T10:19:34.000000Z"}, {"uuid": "137d7d71-fec1-42fc-ac15-3e24d6a7566a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligweenowa2o", "content": "", "creation_timestamp": "2025-02-18T09:15:24.382691Z"}, {"uuid": "1b1761ca-0586-4086-9143-e6b9c7cd6e41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://t.me/cvedetector/18298", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12860 - CarSpot \u2013 Dealership Wordpress Classified Theme WordPress Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12860 \nPublished : Feb. 18, 2025, 9:15 a.m. | 17\u00a0minutes ago \nDescription : The CarSpot \u2013 Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. 
\nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T10:57:32.000000Z"}, {"uuid": "82d3d95b-d071-4c06-b0a8-589fb4001f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12863", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12696", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12863\n\ud83d\udd25 CVSS Score: 5.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.\n\ud83d\udccf Published: 2025-04-21T15:13:04.555Z\n\ud83d\udccf Modified: 2025-04-21T15:24:29.951Z\n\ud83d\udd17 References:\n1. https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839121", "creation_timestamp": "2025-04-21T16:03:04.000000Z"}, {"uuid": "15b56c01-5c48-4065-8594-10342f62d416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12862", "type": "seen", "source": "https://t.me/cvedetector/23445", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12862 - OpenText Content Server Unauthorized Deletion\", \n  \"Content\": \"CVE ID : CVE-2024-12862 \nPublished : April 21, 2025, 3:15 p.m. 
| 26\u00a0minutes ago \nDescription : Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T18:09:21.000000Z"}, {"uuid": "92100dd3-bd5f-44e2-addd-9c9fd9d0a7ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12861", "type": "seen", "source": "https://t.me/cvedetector/16788", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12861 - Shopify WooCommerce Migrate Plugin Arbitrary File Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12861 \nPublished : Jan. 30, 2025, 2:15 p.m. | 46\u00a0minutes ago \nDescription : The W2S \u2013 Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2s_view_log' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. 
\nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T16:46:42.000000Z"}, {"uuid": "b9498c0a-f77b-48bb-a87b-8756f76d0c13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12863", "type": "seen", "source": "https://t.me/cvedetector/23443", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12863 - OpenText Content Management CE Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12863 \nPublished : April 21, 2025, 3:15 p.m. | 26\u00a0minutes ago \nDescription : Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T18:09:19.000000Z"}, {"uuid": "c73c7baf-6e3c-40b3-8ed0-0663947cbac4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12867", "type": "seen", "source": "https://t.me/cvedetector/13459", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12867 - Arctic Security Arctic Hub SSRF\", \n  \"Content\": \"CVE ID : CVE-2024-12867 \nPublished : Dec. 20, 2024, 8:15 p.m. | 24\u00a0minutes ago \nDescription : Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T21:46:13.000000Z"}, {"uuid": "dab80744-6264-4333-a125-8e5abc3601a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1286", "type": "seen", "source": "https://t.me/cvedetector/1993", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-1286 - WordPress pmpro-membership-maps Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-1286 \nPublished : July 30, 2024, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T09:02:54.000000Z"}]}